Lucene search
K

56 matches found

OSV
OSV
added 2026/03/27 1:16 a.m.2 views

UBUNTU-CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

7.5CVSS5.8AI score0.00865EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:15 a.m.3 views

CVE-2026-33721

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

5.3CVSS5.8AI score0.00865EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 12:15 a.m.3 views

CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

5.3CVSS5.9AI score0.00865EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/27 12:15 a.m.4 views

EUVD-2026-16501

MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...

5.3CVSS5.8AI score0.00865EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.6 views

PT-2026-28511

Name of the Vulnerable Software and Affected Versions MapServer versions 4.2 through 8.6.0 Description MapServer is a system for developing web-based GIS applications. A heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser allows a remote, unauthenticated attacker to crash...

5.3CVSS5.9AI score0.00865EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

Mobiliti 安全漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security vulnerability, as the authentication identifiers can be accessed publicly through a web-based map platform...

6.9CVSS5.8AI score0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.10 views

Mobility46 安全漏洞

Mobility46 is a digital management platform for electric vehicle charging developed by the Swedish company Mobility46. There is a security vulnerability in Mobility46, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...

6.9CVSS5.8AI score0.00278EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

Chargemap 安全漏洞

Chargemap is a electric vehicle service platform website operated by the French company Chargemap. Chargemap has a security vulnerability, as the identity verification identifiers of charging stations can be accessed publicly through a web-based mapping platform...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/12/31 3:49 a.m.231 views

Exploit for Improper Restriction of XML External Entity Reference in Geoserver

During my geoserver analysis I found another way to attack una...

9.8CVSS7.2AI score0.66753EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2025/11/26 12:0 a.m.3 views

The vulnerability of the implementation of the Web Map Service (WMS) protocol in the software for managing and publishing geospatial data on the OSGeo GeoServer server allows a perpetrator to disclose protected information and cause service failures.

The vulnerability of the Web Map Service WMS protocol implementation in the software for managing and publishing geospatial data on the OSGeo GeoServer server is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to...

8.5CVSS6AI score0.66753EPSS
Exploits4References4Affected Software2
NVD
NVD
added 2025/11/25 10:15 p.m.6 views

CVE-2025-21621

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...

6.1CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/25 9:52 p.m.11 views

CVE-2025-21621 GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...

6.1CVSS0.00252EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/25 9:52 p.m.5 views

EUVD-2025-199607

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...

6.1CVSS5.6AI score0.00252EPSS
Exploits0References6
OSV
OSV
added 2025/11/25 8:17 p.m.8 views

CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

8.2CVSS6.8AI score0.66753EPSS
Exploits4References5
Vulnrichment
Vulnrichment
added 2025/11/25 8:17 p.m.6 views

CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

8.2CVSS6.5AI score0.66753EPSS
Exploits4References2
EUVD
EUVD
added 2025/11/25 8:17 p.m.7 views

EUVD-2025-199606

GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity XXE vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...

8.2CVSS6.4AI score0.66753EPSS
Exploits4References3
CVE
CVE
added 2025/11/25 8:17 p.m.434 views

CVE-2025-58360

CVE-2025-58360 : GeoServer contains an XML External Entity (XXE) vulnerability in the GetMap operation (/geoserver/wms). The issue arises from insufficient XML input sanitization, allowing external entities to be defined in requests. Affected: GeoServer versions 2.26.0–2.26.1 and 2.25.0–2.25.5 (i...

9.8CVSS6.5AI score0.66753EPSS
In wildExploits4References3Affected Software1
CNNVD
CNNVD
added 2025/11/25 12:0 a.m.6 views

GeoServer 代码问题漏洞

GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A code issue vulnerability exists in GeoServer versions 2.26.0 through prior to 2.26.2 and prior to 2.25.6, which stems from insufficiently cleaned or restricted X...

9.8CVSS6.9AI score0.66753EPSS
Exploits4References3
Positive Technologies
Positive Technologies
added 2025/11/25 12:0 a.m.9 views

PT-2025-48090

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.25.0, a reflected cross-site scripting XSS vulnerability exists in the WMS GetFeatureInfo HTML output format that enables a remote attacker to execute arbitrary JavaScript code in a victim's...

6.1CVSS6.1AI score0.00252EPSS
Exploits0References5
OSV
OSV
added 2025/08/14 6:52 p.m.2 views

MAL-2025-39384 Malicious code in wms-capabilities-parser (npm)

The package wms-capabilities-parser was found to contain malicious code...

7.2AI score
Exploits0
Rows per page
Query Builder